cleantalk
Vulnerabilities and Security Researches

Image Compressor & Optimizer – iLoveIMG, 498c6b23eb82dfde39eea2514682ce6d8b9f67b0

CVE, Research URL

498c6b23eb82dfde39eea2514682ce6d8b9f67b0

Home page URL

Security reports for Image Compressor & Optimizer – iLoveIMG

Application

Image Compressor & Optimizer – iLoveIMG

Published on
Nov 14, 2023
Research Description
iLoveIMG [iloveimg] < 1.0.6 WordPress iLoveIMG Plugin <= 1.0.5 is vulnerable to PHP Object Injection Update the WordPress iLoveIMG plugin to the latest available version (at least 1.0.6). Unknown discovered and reported this PHP Object Injection vulnerability in WordPress iLoveIMG Plugin. This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present. This vulnerability has been fixed in version 1.0.6.
Affected versions
max 1.0.6.
Status
vulnerable
Previous vulnerability researches
Axact Author List Widget (64c0451c94de7e0131133a488609353b793f2348) , Jun 07, 2024
Axact Author List Widget (CVE-2025-22514) , Jan 15, 2025
Axact Author List Widget (b36562836dd76568d374ac032aa3b6cad3c82287) , Jun 16, 2026
Axact Author List Widget (f2497798-90dd-4f93-b6ff-31e02f8ca6fc) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026